NCSC-FI
CVE Numbering Authority
Latest CVE published
Overview
NCSC-FI is a CVE Numbering Authority that has published 10 CVE records since 2024. It is currently classified as active, with 10 CVEs published in the last two years. Its CVE data quality is graded A (100% overall completeness).
Among the 370 CNAs tracked here, NCSC-FI ranks #305 by CVE volume and reports more complete records than 60% of all CNAs.
Data quality report card
How complete and consistent NCSC-FI's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often NCSC-FI also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
100%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of NCSC-FI's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of NCSC-FI's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Common weakness types
The CWE weakness categories NCSC-FI most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')3 CVEs
- CWE-613Insufficient Session Expiration2 CVEs
- CWE-522Insufficiently Protected Credentials2 CVEs
- CWE-200Exposure of Sensitive Information to an Unauthorized Actor1 CVE
- CWE-256Plaintext Storage of a Password1 CVE
- CWE-269Improper Privilege Management1 CVE
- CWE-250Execution with Unnecessary Privileges1 CVE
- CWE-276Incorrect Default Permissions1 CVE
Publishing activity by year
How many CVEs NCSC-FI has published each year.
Top vendors
The vendors NCSC-FI publishes the most CVEs for.
- Sparx Systems Pty Ltd.8 CVEs
- Valmet4 CVEs
- Truesec3 CVEs
- cerberusftp1 CVEs
- danofficeit1 CVEs
- DynamicWeb1 CVEs
- Edgemo (Danoffice IT)1 CVEs
- Invoice Ninja1 CVEs
Top products
The products NCSC-FI publishes the most CVEs for.
- Pro Cloud Server6 CVEs
- Valmet DNA3 CVEs
- LAPSWebUI3 CVEs
- Sparx Pro Cloud Server3 CVEs
- Sparx Enterprise Architect2 CVEs
- Inno Setup1 CVEs
- ftp server1 CVEs
- Crotchet and Knitting1 CVEs
Latest CVEs
The most recent CVEs assigned by NCSC-FI.
- CVE-2026-6265CWE-278
Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2
High · CVSS 7.3EPSS 0.3%2026-04-27 - CVE-2025-15626CWE-639
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Medium · CVSS 5.3EPSS 0.2%2026-04-27 - CVE-2025-15625CWE-200
Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server
Critical · CVSS 9.5EPSS 0.4%2026-04-17 - CVE-2025-15624CWE-256
Plaintext Storage of a Password in Sparx Pro Cloud Server.
Critical · CVSS 9.3EPSS 0.4%2026-04-17 - CVE-2025-15623CWE-497
Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Critical · CVSS 9.3EPSS 0.3%2026-04-17 - CVE-2025-15622CWE-522
Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Medium · CVSS 6.2EPSS 0.2%2026-04-17 - CVE-2025-15621CWE-522
Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication
Medium · CVSS 5.7EPSS 0.1%2026-04-16 - CVE-2025-15554CWE-525
Admin Passwords Cached by Browsers in Truesec LAPSWebUI
Medium · CVSS 6.0EPSS 0.1%2026-03-16 - CVE-2025-15553CWE-613
Insecure Logout Functionality in Truesec LAPSWebUI
Medium · CVSS 6.0EPSS 0.1%2026-03-16 - CVE-2025-15552CWE-613
Long Session Lifetime in Truesec LAPSWebUI
Medium · CVSS 6.0EPSS 0.1%2026-03-16 - CVE-2026-3315CWE-276
Local Privilege Escalation Due to Writable Executable in Privileged Visionline Service Path
Medium · CVSS 5.8EPSS 0.1%2026-03-10 - CVE-2025-15595CWE-1390
Privilege escalation via dll hijacking in Inno Setup
Medium · CVSS 5.7EPSS 0.1%2026-03-03
Track new NCSC-FI CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor NCSC-FI CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the NCSC-FI CNA.
- What is the NCSC-FI CNA?
- NCSC-FI is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 10 CVE records since 2024.
- How many CVEs has NCSC-FI published?
- NCSC-FI has published 10 CVE records, including 10 in the last two years.
- What is NCSC-FI's CVE data quality grade?
- RadicalNotion.AI grades NCSC-FI's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
- What products does NCSC-FI publish CVEs for?
- NCSC-FI most frequently publishes CVEs for Pro Cloud Server, Valmet DNA, LAPSWebUI, Sparx Pro Cloud Server, Sparx Enterprise Architect.
- Which vendors does NCSC-FI cover?
- NCSC-FI publishes CVEs across 6 distinct vendors, most often Sparx Systems Pty Ltd., Valmet, Truesec, cerberusftp, danofficeit.
- Is NCSC-FI actively publishing CVEs?
- NCSC-FI is currently active, based on 10 CVEs in the last two years.
- What is the average severity of NCSC-FI's CVEs?
- The average CVSS base score across NCSC-FI's scored CVEs is 7.5.
- How many critical CVEs has NCSC-FI published?
- NCSC-FI has published 4 critical-severity CVEs and 9 high-severity CVEs.
- Are any of NCSC-FI's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of NCSC-FI's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in NCSC-FI's CVEs?
- NCSC-FI's CVEs most often map to these CWE weakness types: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-613 (Insufficient Session Expiration), CWE-522 (Insufficiently Protected Credentials), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How does NCSC-FI rank among CNAs?
- By total CVE volume, NCSC-FI ranks #305 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track NCSC-FI CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.